Delete a banner using Kaspersky WindowsUnlocker

Removing ransomware viruses has become somewhat harder than it used to be: many time-tested methods no longer work. For example, it is now unlikely that you can unlock a malicious program with a code, set the BIOS clock back several years, or calmly boot into safe mode and use the registry editor. To keep up with the tricks of the unscrupulous creators of Windows blockers, users have to learn more professional methods. Nowadays everyone who has to remove a banner keeps a boot disk, with which the infected computer can be cured by loading the registry of the affected operating system. However, Kaspersky Lab has prepared a wonderful free tool specifically for dealing with various advertising modules, and using it significantly reduces the time and effort needed to unlock the banner. In this article we look at it in more detail. You can also study our main article about banner removal.

Create bootable media
To get started, download the image of the Kaspersky Rescue Disk boot disk, which includes the Kaspersky WindowsUnlocker utility. Then create a bootable disc or flash drive. To create a disc, you can use any program for burning optical discs (Nero, Ashampoo Burning Studio and others). If you decide to make a bootable USB flash drive / USB drive (this is now the most relevant option), follow these steps:

get a USB drive with at least 256 megabytes of memory
format it as FAT16 or FAT32
download the special program that writes the previously downloaded image to the drive
run the rescue2usb.exe file and select the required drive
press the “Start” button and wait for the message that recording has completed

Delete the ransomware banner
This completes the creation of the boot image, and you can proceed directly to removing the banner. To do this, restart the computer, enter the BIOS (usually with the F2 or Del key) and select the media we created as the boot device. While the image is loading, select the Russian language and graphic mode for more comfortable work; you will also need to accept the terms of the agreement from the software manufacturer. After the system has loaded successfully, open the terminal by clicking the button in the lower left corner of the screen. When the terminal has loaded, enter the windowsunlocker command, press Enter and follow the instructions: to unlock the registry, press 1 and Enter; to exit, enter 0. After cleaning the registry, Kaspersky Lab also recommends running a full computer scan using Rescue Disk, whose shortcut can be found on the desktop.

However, sometimes the utility does not help, and after booting into the “native” operating system the banner is still in place. This means the blocker has registered itself more cleverly. In this case the boot image is still very useful, because it has a built-in registry editor (the shortcut is on the desktop if you used the graphical mode). Using the registry editor, manually check the following paths:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Here you need to check three parameters:

The Shell parameter must be set to Explorer.exe
The UIHost parameter must be set to logonui.exe
The Userinit parameter must be set to C:\Windows\system32\userinit.exe

If any of the parameters has an incorrect value, correct it manually. Do the same in the branches below wherever you find a mismatch.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In this branch, each parameter automatically starts an application when Windows starts, so if a program seems suspicious to you, disable it. As a rule, the executable files of suspicious programs are located on the boot disk, in user folders or in the Temp folder.

Similarly, check the following two registry branches for specific users (if there is more than one user, check them for each):

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
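The manual check above can also be run over a text export of these keys. The following is an added example, not code from this article or from Kaspersky Lab; it assumes the keys were exported in regedit text format, and the function names and SAMPLE_EXPORT contents are constructed for illustration.

```python
import re

# Expected Winlogon values as given in the article (compared case-insensitively).
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "uihost": "logonui.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}
# Folder fragments the article names as typical homes of suspicious autostart files.
SUSPICIOUS_DIRS = ("\\temp\\", "\\users\\", "\\documents and settings\\")

# Constructed sample in regedit text-export format (not from a real machine).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Public\\locker.exe"
"UIHost"="logonui.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe"
"Sound"="C:\\Program Files\\Audio\\tray.exe"
'''

def parse_export(text):
    """Return {key_path: {value_name: string_value}} from regedit-style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"(.+?)"="(.*)"$', line)
            if m:  # string values only; dword/hex entries are skipped
                current[m.group(1)] = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
    return keys

def audit(text):
    """Return (key, name, value, reason) findings for the keys the article lists."""
    findings = []
    for path, values in parse_export(text).items():
        for name, value in values.items():
            low = value.strip().lower()
            if path.lower().endswith(r"\currentversion\winlogon"):
                want = EXPECTED_WINLOGON.get(name.lower())
                # Windows usually stores Userinit with a trailing comma; accept it.
                if want is not None and low.rstrip(",") != want:
                    findings.append((path, name, value, "unexpected Winlogon value"))
            elif path.lower().endswith(r"\currentversion\run"):
                if any(d in low for d in SUSPICIOUS_DIRS):
                    findings.append((path, name, value, "autostart from user or Temp folder"))
    return findings
```

A Run entry flagged this way is only a candidate for review: legitimate programs also start from user folders, so check the file itself before disabling the entry.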

After successfully getting rid of the banner, it is recommended to scan all disks with anti-virus software. This concludes the article; we hope the information provided was useful to you.
